Splunk Search

Community Activity

How to create a regex to match URL ending with file extension to detect file downloads? I am trying to write a regex which will detect/match URLs ending with 2, 3 & 4 letter file extensions (eg - .py, .txt... by jkumarr2 New Member in Splunk Search 06-23-2019 0 3	0	3
How to create Splunk Alert based on custom condition? New to Splunk, can anyone please help me with the below scenario? I am receiving events like below: Event LastUp... by nilanjankc New Member in Splunk Search 06-23-2019 0 2	0	2
How to increase elastic search timeout? Sometimes my search gets fail and unable to fetch data because of below error: ConnectionTimeout at "/opt/splunk/et... by ahmadsaadwarrai Explorer in Splunk Search 06-23-2019 0 3	0	3
How to get an alert if the specific search takes more than 10 min? Ex: "Acquired" is a keyword. This keyword is getting for every minute. I have to get alert if this keyword is not g... by prerana_jain Explorer in Splunk Search 06-23-2019 0 2	0	2
How do I export extracted fields for use in another app? I am creating two apps that use the same data (weird,I know, but I am testing something in my environment). I've buil... by adamfrisbee Explorer in Splunk Search 06-23-2019 0 1	0	1
How to create a search that lists all fields? (and data validation question) Hi, I am looking to create a search that allows me to get a list of all fields in addition to below: \| tstats count ... by mbasharat Builder in Splunk Search 06-22-2019 0 4	0	4
How to create a search for Server Uptime for Windows & Linux in Splunk? I need a Splunk search for finding server uptime for Windows and Linux index= linux sourcetype=cpu by PRASADNALLIBOEN New Member in Splunk Search 06-22-2019 0 2	0	2
How to correlate events from three sources based on time condition I have one index which have events from 3 different sources (A, B & C). The value of CELL, CALLERNO & CALLEDNO are th... by spnewashik New Member in Splunk Search 06-22-2019 0 4	0	4
How to create a search based on multi-value fields I am new to Splunk, currently working on a Shift roster. There are 3 teams and 3 members in each team(totally 9 membe... by poorni_p Explorer in Splunk Search 06-22-2019 0 2	0	2
How to configure source_type to regex value? I'm using a Universal Forwarder and want Splunk to return source_type as what's defined for source within the monitor... by psyched4splunk Explorer in Splunk Search 06-22-2019 0 5	0	5
API: How to specify returning dates with a UTC or GMT offset rather than a CDT time zone? How can I specify Splunk to return dates with a UTC or GMT offset rather than a time zone abbreviation? Right now I g... by artrune Path Finder in Splunk Search 06-21-2019 0 3	0	3
How to multiply column values? The way I do this in excel is by using the formula "=PRODUCT(C2C3C4*C5)" How can I do that in Splunk? Ideally, I ... by rslama Path Finder in Splunk Search 06-21-2019 0 3	0	3
Is there a way to add an extra row based on a pre-defined list of stores if the stores don't exist in the search results? I've searched around and I've been having a hard time finding an answer to this probably due to how I'm phrasing the ... by wesbrowntech Engager in Splunk Search 06-21-2019 0 2	0	2
How to calculate HTTP throughput in GB and average HTTP throughput in KBits/Sec? How do you calculate HTTP Throughput in GB and Average HTTP Throughput in KBits/Sec? by kp5116 New Member in Splunk Search 06-21-2019 0 5	0	5
Search average for time-taken field Hi, I have a log file that has a field called "TimeTaken". The values of this field are in the format: 00:01:27.763 ... by salles Loves-to-Learn Lots in Splunk Search 06-21-2019 0 3	0	3
How to create new field from a mv comma separated ip value field? My IP field will come in as the following: 1.1.1.1,2.2.2.2 I need to extract the first IP and store it in another ... by clozach Path Finder in Splunk Search 06-21-2019 0 3	0	3
Timechart - span=30m show data in 15th and 45th min I am trying to create a timechart base search ... \| timechart span=30m latest(COUNT) as COUNT by NAME it i... by askkawalkar Path Finder in Splunk Search 06-21-2019 1 5	1	5
How to create a table row with all values? Hi I have the following table: IP \| Event \| Bad 10.10.10.1 \| fail \| 10.10.10.... by vbotnari1 Engager in Splunk Search 06-21-2019 0 4	0	4
Available public dataset with hotel/hostel reservations I would like to play with some database containing hotel reservations - who (guest's name, country, gender etc) reser... by dariusz_fedejko Engager in Splunk Search 06-21-2019 0 0	0	0
SplunkJS: How to check if the search is currently running with Javascript? Hi, I have an issue in my project code, something runs a function that starts multiple searches- multiple times. I w... by seva98 Path Finder in Splunk Search 06-21-2019 0 3	0	3
How to disable Splunk app using deployment server? Hi all, I have deployed an app using a deployment server in Splunk. Suppose I got a new update for that app and I n... by tbavarva Path Finder in Splunk Search 06-21-2019 0 5	0	5
Error in 'eval' command: The expression is malformed. An unexpected character is reached at '0)'. Hi guys, Pulled this search off gosplunk's website and tried to run it in my test environment, and received the error... by dharveynswccd Path Finder in Splunk Search 06-21-2019 0 3	0	3
How do I sort this stats count? This is my search below. It shows Country and count. How do I sort the count field for largest to smallest? index="c... by bayman Path Finder in Splunk Search 06-21-2019 1 5	1	5
Is it possible to define tags using regex? I would like to define a tag in splunk using a regex. Example: host=st1231, host=1232, host=1233 --> the name of the... by tgdvopab Path Finder in Splunk Search 06-21-2019 0 10	0	10
How to set up radio button or checkbox to alter text search? I'd like to use a radio button or checkbox to alter a search i.e. toggle between either Index=$index$ host=$host$ s... by raborder New Member in Splunk Search 06-20-2019 0 2	0	2